From 31075c8cee554845d882f9becc3cacdf86d8757303429a20523a6fc22d276326 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Mon, 16 Dec 2019 16:09:25 +0000 Subject: [PATCH] Accepting request 757364 from home:mgerstner:branches:Base:System - Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security wise. OBS-URL: https://build.opensuse.org/request/show/757364 OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=29 --- baselibs.conf | 2 -- libcap.changes | 6 ++++++ libcap.spec | 23 +++-------------------- 3 files changed, 9 insertions(+), 22 deletions(-) diff --git a/baselibs.conf b/baselibs.conf index d16b166..6d70477 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,3 +1 @@ libcap2 -pam_cap - supplements "packageand(pam_cap:pam-)" diff --git a/libcap.changes b/libcap.changes index d5c0731..32271bb 100644 --- a/libcap.changes +++ b/libcap.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Dec 16 14:21:27 UTC 2019 - matthias.gerstner@suse.com + +- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security + wise. + ------------------------------------------------------------------- Thu Feb 22 15:10:35 UTC 2018 - fvogt@suse.com diff --git a/libcap.spec b/libcap.spec index b9ae571..4645f33 100644 --- a/libcap.spec +++ b/libcap.spec @@ -1,7 +1,7 @@ # # spec file for package libcap # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,13 +12,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: libcap Summary: Library for Capabilities (linux-privs) Support -License: BSD-3-Clause and GPL-2.0 +License: BSD-3-Clause AND GPL-2.0-only Group: Development/Libraries/C and C++ Version: 2.25 Release: 0 @@ -26,7 +26,6 @@ Source: https://www.kernel.org/pub/linux/libs/security/linux-privs/libca Source2: baselibs.conf Url: https://sites.google.com/site/fullycapable/ BuildRequires: fdupes -BuildRequires: pam-devel BuildRequires: pkg-config %description @@ -75,13 +74,6 @@ Group: System/Filesystems This package contains utility programs handling capabilities via libcap. -%package -n pam_cap -Summary: PAM Module for Capabilities Support -Group: System/Libraries - -%description -n pam_cap -A PAM module for per-session capabilities manipulation. - %prep %setup -q %build @@ -100,10 +92,6 @@ find %{buildroot} -type f -name '*.la' -print -delete # do not provide static libs rm %{buildroot}%{_libdir}/libcap.a -mkdir -p %{buildroot}/%{_lib}/security -mv %{buildroot}%{_libdir}/security/pam_cap.so %{buildroot}/%{_lib}/security/pam_cap.so -install -D pam_cap/capability.conf %{buildroot}%{_sysconfdir}/security/capability.conf - %fdupes -s $RPM_BUILD_ROOT %post -n libcap2 -p /sbin/ldconfig @@ -130,9 +118,4 @@ install -D pam_cap/capability.conf %{buildroot}%{_sysconfdir}/security/capabilit %{_libdir}/pkgconfig/%{name}.pc %{_mandir}/man3/* -%files -n pam_cap -%defattr(-,root,root) -%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/security/capability.conf -/%{_lib}/security/pam_cap.so - %changelog